36 matches found
Botnet Detection on CTU-13 Using Lightweight Machine Learning Models
Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service (DDoS). While deep learning approaches have recently been applied to botnet detection, they are computationally intensive and often lack...
ML Defender (ARGus NDR): An Open-Source Embedded ML NIDS for Botnet and Anomalous Traffic Detection in Resource-Constrained Organizations
Ransomware and DDoS attacks disproportionately impact hospitals, schools, and small organizations that cannot afford enterprise security solutions. We present ML Defender (ARGus NDR), an open-source network intrusion detection system built in C++20, deployable on commodity hardware at approximately...
How the Graph Construction Technique Shapes Performance in IoT Botnet Detection
The increasing incidence of IoT-based botnet attacks has driven interest in advanced learning models for detection. Recent efforts have focused on leveraging attention mechanisms to model long-range feature dependencies and Graph Neural Networks (GNNs) to capture relationships between data instance...
Toward Real-World IoT Security: Concept Drift-Resilient IoT Botnet Detection Via Latent Space Representation Learning and Alignment
Although AI-based models have achieved high accuracy in IoT threat detection, their deployment in enterprise environments is constrained by reliance on stationary datasets that fail to reflect the dynamic nature of real-world IoT NetFlow traffic, which is frequently affected by concept drift...
A Lightweight Federated Learning Approach for Privacy-Preserving Botnet Detection in IoT
The rapid growth of the Internet of Things (IoT) has expanded opportunities for innovation but also increased exposure to botnet-driven cyberattacks. Conventional detection methods often struggle with scalability, privacy, and adaptability in resource-constrained IoT environments. To address these...
Leveraging Machine Learning for Botnet Attack Detection in Edge-Computing Assisted IoT Networks
The increase of IoT devices, driven by advancements in hardware technologies, has led to widespread deployment in large-scale networks that process massive amounts of data daily. However, the reliance on Edge Computing to manage these devices has introduced significant security vulnerabilities, a...
New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search
As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics...
Detecting Account Takeover Botnets
A botnet is a network of compromised computers - known as bots - usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we’ll discuss how to detect botnets used for account takeover (ATO), an attack used to obtain the val...
The Challenges of DIY Botnet Detection – and How to Overcome Them
Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT) they have spread further to devices no one imagined they would - printers, webcams, and even toasters and fridges. Some botnets enlist infected devices to mine cryptocurrency or steal passwords from oth...
Drupal, Phishing and A New Cryptomining Botnet
It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal: regularly applying security patches and updates, relying on threat intelligence, and more. At Imperva, we use pattern anomaly detection as one of the tools to...
Fast Flux Botnet: Research Results
Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet. In short, Fast Flux is a DNS technique used by botnets to hide various type...
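The snippet above only names fast flux as a DNS technique botnets use to hide infrastructure. The defining signals are well known: the same hostname resolves to many different addresses over time, the answers carry very short TTLs, and the addresses sit in many unrelated networks (typically compromised residential hosts) rather than in one hosting or CDN autonomous system. The following is an added example, not code from the Akamai talk or any vendor product, that scores passive-DNS observations on exactly those three signals. The records, the score weights and the threshold are constructed assumptions for illustration; a real deployment would tune them against its own traffic and maintain an allowlist for known CDNs.

```python
"""Heuristic fast-flux detector over passive-DNS style observations.

Added example; the observations below are constructed, not captured data,
and the domains are reserved example names.
"""
from collections import defaultdict
from dataclasses import dataclass

# Each observation: (queried name, answer IP, TTL in seconds, origin ASN of the IP).
OBSERVATIONS = [
    # Benign static site: two stable addresses, one ASN, long TTL.
    ("static.example.com", "198.51.100.10", 3600, 64500),
    ("static.example.com", "198.51.100.11", 3600, 64500),
    ("static.example.com", "198.51.100.10", 3600, 64500),
    # CDN-fronted site: several addresses and a short TTL, but a single ASN.
    ("cdn.example.net", "203.0.113.20", 300, 64501),
    ("cdn.example.net", "203.0.113.21", 300, 64501),
    ("cdn.example.net", "203.0.113.22", 300, 64501),
    ("cdn.example.net", "203.0.113.23", 300, 64501),
    # Fast-flux style: low TTL, a new address on nearly every answer, each in a
    # different ASN (the pattern of a pool of compromised residential hosts).
    ("fluxy.example.org", "192.0.2.5", 60, 64510),
    ("fluxy.example.org", "192.0.2.77", 60, 64511),
    ("fluxy.example.org", "192.0.2.130", 30, 64512),
    ("fluxy.example.org", "192.0.2.201", 30, 64513),
    ("fluxy.example.org", "192.0.2.9", 60, 64514),
    ("fluxy.example.org", "192.0.2.55", 60, 64515),
    ("fluxy.example.org", "192.0.2.180", 30, 64516),
]

# Assumed tuning constants for this example (not from any published detector).
LOW_TTL_SECONDS = 300     # answers at or below this TTL count as "short-lived"
ASN_WEIGHT = 3            # ASN spread is weighted above raw IP count: CDNs have
                          # many IPs but few ASNs, flux networks have many of both
LOW_TTL_BONUS = 5
FLUX_THRESHOLD = 20


@dataclass
class DomainProfile:
    unique_ips: int
    unique_asns: int
    min_ttl: int


def profile_domains(observations):
    """Aggregate per-name statistics from raw (name, ip, ttl, asn) tuples."""
    ips = defaultdict(set)
    asns = defaultdict(set)
    ttls = defaultdict(list)
    for qname, ip, ttl, asn in observations:
        ips[qname].add(ip)
        asns[qname].add(asn)
        ttls[qname].append(ttl)
    return {
        qname: DomainProfile(len(ips[qname]), len(asns[qname]), min(ttls[qname]))
        for qname in ips
    }


def flux_score(profile):
    """Higher means more flux-like: address churn, network spread, short TTL."""
    score = profile.unique_ips + ASN_WEIGHT * profile.unique_asns
    if profile.min_ttl <= LOW_TTL_SECONDS:
        score += LOW_TTL_BONUS
    return score


def detect_fast_flux(observations, threshold=FLUX_THRESHOLD):
    """Return the names whose profile scores at or above the threshold."""
    profiles = profile_domains(observations)
    return sorted(
        qname for qname, profile in profiles.items()
        if flux_score(profile) >= threshold
    )


if __name__ == "__main__":
    for qname, profile in profile_domains(OBSERVATIONS).items():
        print(f"{qname:22s} ips={profile.unique_ips} asns={profile.unique_asns} "
              f"min_ttl={profile.min_ttl} score={flux_score(profile)}")
    print("flagged:", detect_fast_flux(OBSERVATIONS))
```

The point of weighting ASN diversity over the raw address count is the usual false positive in this space: round-robin and CDN hostnames also rotate through many addresses with short TTLs, but those addresses stay inside one or two networks, whereas a flux pool of infected home machines spans many. In practice the profile should be computed over a sliding time window and re-scored as new answers arrive, since a flux domain looks benign on its first resolution.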
Pushdo Botnet Detection
Binary data 6579.prm...
Coming Up With Better Ways to Count — and Counter — Botnets
As botnets continue as a major purveyor of malicious activity, finding new and improved ways to measure their influence will be key to preventing future attacks. But gaining an accurate read on active populations continues to prove difficult. In recent years more research has been devoted to...
Generic IRC Client Detection / Generic Botnet Detection
Binary data 4440.prm...
Generic Botnet Server Detection (HTTP Client)
Binary data 4401.prm...
Generic Botnet Client Detection
Binary data 3858.prm...
Generic Botnet Client Detection (deprecated)
Binary data 3127.prm...
Generic Botnet Client Detection (deprecated)
Binary data 3120.prm...
Generic Botnet Server Detection (ftp) (deprecated)
Binary data 3142.prm...
Generic Botnet Server Detection (waste) (deprecated)
Binary data 3148.prm...